Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#50179 closed defect (bug) (invalid)

all HTTP methods allowed on /login

Reported by: anonymized_15232381's profile anonymized_15232381 Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords: close reporter-feedback
Focuses: Cc:


It seems that almost all http methods are allowed on /login, on all other resources anything other than GET, HEAD or POST will return a 405 response, but on /login every method returns a 200 response.

Change History (3)

#1 @knutsp
4 years ago

  • Component changed from General to REST API
  • Version 5.4.1 deleted

#2 @TimothyBlynJacobs
4 years ago

  • Component changed from REST API to General
  • Keywords close reporter-feedback added

Hi @ptasec,

Welcome to trac! Could you share more details about the request you are making? There is no /login route in WordPress Core, you'll only be redirected to wp-login.php.

As far as I'm aware, WordPress also only sends a 405 error in limited circumstances the REST API, XML-RPC, IXR and commenting. Just making a PUT request to the homepage of a stock WordPress install does not generate a 405 for me. Are you sure this isn't your web server sending the error?

#3 @TimothyBlynJacobs
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

No response in 6 months, closing.

Note: See TracTickets for help on using tickets.